Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Ubiquiti Exposes 25 Critical UniFi Security Flaws

Ubiquiti Exposes 25 Critical UniFi Security Flaws

Posted on July 7, 2026 By CWS

In a recent security advisory, Ubiquiti has announced the discovery of 25 vulnerabilities within its UniFi ecosystem. These issues, detailed in Security Advisory Bulletin 066, include several critical vulnerabilities with CVSS v3.1 scores of 9.9 and 10.0, posing significant risks of network-based attacks allowing complete device compromise.

Key Vulnerabilities Identified

The vulnerabilities affect a range of UniFi products, including Connect, Talk, Access, Protect, and Network Applications, as well as the core UniFi OS platform utilized by UDM, UNVR, and UNAS device families. Last month, Ubiquiti addressed critical vulnerabilities that allowed remote privilege escalation on the UniFi OS platform.

Among the most severe issues is CVE-2026-50746, receiving a maximum score of 10.0. This flaw involves improper access control in the UniFi Connect Application (version 3.4.16 and before), allowing unauthenticated attackers on the network to execute command injections. Other critical vulnerabilities, such as CVE-2026-50747 and CVE-2026-50748, involve SQL injection and command injection in UniFi Talk and Access, respectively, both scored at 9.9.

Impact on UniFi Products

Additional significant bugs include CVE-2026-54402, a command injection vulnerability in the UniFi OS, and CVE-2026-55115, which involves SSRF-driven privilege escalation in UniFi Protect, both rated at 9.9. Another notable vulnerability is CVE-2026-55116, an improper access control issue with a score of 9.0, which impacts UDM, UDM-Pro, UDM-SE, and related gateway hardware, allowing unauthorized configuration changes.

High-severity vulnerabilities also include CVE-2026-54403, a path traversal issue rated 8.6, and CVE-2026-54404, which exploits authenticated SQL injection. These vulnerabilities could be combined to bypass low-privilege access requirements.

Mitigation and Future Outlook

Ubiquiti has released updates for all affected products, urging administrators to apply these patches immediately. The fixed versions address vulnerabilities across various applications, including UniFi Connect, Talk, Access, Network Application, and Protect.

The advisory credits numerous independent security researchers for uncovering these vulnerabilities, highlighting the collaborative effort to enhance the security of UniFi products. With no interim workarounds available, organizations using affected hardware are advised to prioritize firmware updates to safeguard their networks against potential exploitation.

As security threats continue to evolve, maintaining up-to-date systems remains crucial for protecting organizational networks from cyber threats. Ubiquiti’s proactive disclosure and patching of these vulnerabilities underscore the importance of vigilance and timely response in cybersecurity.

Cyber Security News Tags:critical flaws, CVE, CVSS, Cybersecurity, Information Security, IT security, network protection, network security, patch release, security advisory, security vulnerabilities, software update, technology news, Ubiquiti, UniFi

Post navigation

Previous Post: Phishing Campaign Exploits AnyDesk for Espionage

Related Posts

Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation Cyber Security News
Critical Windows Flaw Allows SYSTEM Level Access Critical Windows Flaw Allows SYSTEM Level Access Cyber Security News
WantToCry Exploits SMB for Remote File Encryption WantToCry Exploits SMB for Remote File Encryption Cyber Security News
Linux 6.17 Released With Fix for use-after-free Vulnerabilities Linux 6.17 Released With Fix for use-after-free Vulnerabilities Cyber Security News
Quantum Threats Preparing Your Encryption Strategy Quantum Threats Preparing Your Encryption Strategy Cyber Security News
Microsoft to Restrict Windows 11 Auto Installs Due to RCE Flaw Microsoft to Restrict Windows 11 Auto Installs Due to RCE Flaw Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark